Updated readme

dodger 2022-05-10 11:26:18 +02:00
parent c856d5462f
commit dbe1c21dd6
Signed by: dodger
GPG Key ID: F6701F6CB4D1C826


@ -13,6 +13,11 @@ All without granting `super` permissions and having a histoc of changes on a _ps
## Instructions ## Instructions
### First deploy ### First deploy
Modify `passchanger.sql` according your needings:
* Change `_min_password_length` on `change_my_password` function
* Change `_password_lifetime` on `change_valid_until` function
Deploy `passchanger.sql` on the desired cluster/database. Deploy `passchanger.sql` on the desired cluster/database.
It will: It will:
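Review bot: The two added bullets name `_min_password_length` and `_password_lifetime` but give neither the shipped default nor the unit each value expects, so a reader has to open `passchanger.sql` to find out what they are changing. State the default and the unit next to each bullet. The wording also needs a pass: "according your needings" should read "according to your needs", and "on `change_my_password` function" should read "in the `change_my_password` function".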
@ -23,6 +28,17 @@ It will:
* Create the 2 needed functions and grant permissions on them to `dba` * Create the 2 needed functions and grant permissions on them to `dba`
### Updates
Just execute the `CREATE OR REPLACE FUNCTION` part of the `passchanger.sql` file.
| :warning: WARNING |
|:---------------------------|
| Amazon RDS has some notes at the end... |
| :warning: WARNING |
### Allowing users to use that functions ### Allowing users to use that functions
Take the file `grants_to_grant.sql` and modify the username _dodger_ so it match the username that should have the permissions. Take the file `grants_to_grant.sql` and modify the username _dodger_ so it match the username that should have the permissions.
Execute the grants on the cluster/database you have deployed `passchanger.sql` Execute the grants on the cluster/database you have deployed `passchanger.sql`
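Review bot: The new Updates section says "Just execute the `CREATE OR REPLACE FUNCTION` part" without mentioning that re-running those statements replaces the function bodies. If `_min_password_length` and `_password_lifetime` live inside those bodies, as the First deploy bullets suggest, an update silently resets them to whatever the new file contains; add a step telling the reader to reapply their values before executing. The warning table also ends with a second `| :warning: WARNING |` row after the body row, which will render as a stray table row and should be dropped, and "has some notes at the end..." would be more useful as a pointer to the "RDS considerations" section by name.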
@ -52,10 +68,15 @@ select dba.change_my_password('<Wl}TxqRPBQaV_N<rU#A') ;
## RDS considerations ## RDS considerations
As Amazon has modified Postgresql so you don't have access as a *real* superuser, the _dangerous_ function As Amazon has modified Postgresql so you don't have access as a *real* superuser and the _dangerous_ function
`change_valid_until` should run as the owner of the database (the user created when you deploy the database through AWS) `change_valid_until` should run as the owner of the database (the user created when you deploy the database through AWS)
There's a `passchanger_rds.sqlp` file which should be used instead of the normal one. There's a `passchanger_rds.sql` file which should be used instead of the normal one.
For updates you should change the owner of the `change_valid_until` to the database _owner_:
```
ALTER FUNCTION dba.change_my_password(text) OWNER TO _DATABASEOWNER;
```
Modify `_DATABASEOWNER` according your admin username...
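Review bot: The added sentence says to change the owner of `change_valid_until`, but the statement in the fence alters `dba.change_my_password(text)`. The paragraph above names `change_valid_until` as the function that must run as the database owner, so the statement most likely targets the wrong function; correct whichever side is off and make sure the argument signature matches the function actually meant. Two smaller points: the reworded first sentence ("As Amazon has modified ... and the _dangerous_ function ... should run as the owner") no longer has a main clause, and "according your admin username" should read "according to your admin username".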